Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

[Nabarun Nag]

Thank you all for the valuable feedback, below is the final draft, please do 
let me know if this is anything more to add.

> ## Description:
> The mission of Apache Geode is the creation and maintenance of software
> related
> to a data management platform that provides real-time, consistent access to
> data-intensive applications throughout widely distributed cloud
> architectures.
>
> ## Issues:
> There are no Board-level issues at this time.
>
> ## Membership Data:
> Apache Geode was founded 2016-11-15 (5 years ago)
> There are currently 115 committers and 54 PMC members in this project.
> The Committer-to-PMC ratio is roughly 2:1.
>
> Community changes, past quarter:
> - No new PMC members. Last addition was Donal Evans on 2021-03-22.
> - No new committers. Last addition was Alberto Bustamante on 2021-05-13.
>
  > ## Project Activity:
> We issued 9 releases this quarter, all do which include an updated Log4j2 
version
> to handle the remote code execution CVE.
> Apache Geode Kafka Connector 1.1.0 was also released
> this quarter.
> We have also started the effort to remove the use of deprecated components
> in the project.
>
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.8 was released on 2022-01-13
> > - 1.12.7 was released on 2021-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
>
>
> Work on releasing 1.15.0 is progressing as planned.
>
> Apache Geode Kafka Connector 1.1.0 was released on 2022-01-18.
>
> ## Community Health:
> - Continuing our monthly video conferences.
> - Addition of Kafka Connector project to grow the community.
> - Mailing lists are seeing the usual amount of traffic involving
> discussions
> related to improving performance, operation protocols, etc.

From: Dan Smith 
Sent: Friday, February 4, 2022 3:20 PM
To: dev@geode.apache.org 
Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

Sounds good. BTW, I don't mean to discount all the hard work folks did getting 
these patches out quickly. Thanks again for everyone who helped with that 
effort!

-Dan

From: Owen Nichols 
Sent: Friday, February 4, 2022 2:52 PM
To: dev@geode.apache.org 
Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

That's a much better way to put it, Mark.  Thanks!

On 2/4/22, 2:50 PM, "Mark Bretl"  wrote:

I agree with Dan here that bragging about 'one of the quickest' is not
needed, but noting we are up-to-date with Log4J patches and have
documentation for mitigation might be a better approach.

My $.02

--Mark

On Fri, Feb 4, 2022 at 11:34 AM Dan Smith  wrote:

> Counting the kafka connector I'm not sure bragging about CVE patching
> speed is justified, but otherwise looks good to me!
>
> -Dan
> 
> From: Nabarun Nag 
> Sent: Tuesday, February 1, 2022 2:25 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> Thank you for the feedback, please find the new draft with the added
> review comments.
>
> ## Project Activity:
> We issued 9 releases this quarter which include an updated Log4j2 version
> to handle the remote code execution CVE. The project had one of the
> quickest turnaround times from the Log4j2 CVE disclosure to the patch
> releases with the fix. Apache Geode Kafka Connector 1.1.0 was also 
released
> this quarter.
> We have also started the effort to remove the use of deprecated components
> in the project.
>
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.8 was released on 2022-01-13
> > - 1.12.7 was released on 2022-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
>
>
> 
> From: Owen Nichols 
> Sent: Tuesday, February 1, 2022 12:39 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> 1.12.8 seems to be missing from the list of releases. Also consider
> bragging about Geode’s turnaround time from CvE disclosure to patch
> release…only one other ASF project got theirs out faster than we did.
>
>
> ---
> Sent from Workspace ONE Boxer<
> 

Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

[Dan Smith]

Sounds good. BTW, I don't mean to discount all the hard work folks did getting 
these patches out quickly. Thanks again for everyone who helped with that 
effort!

-Dan

From: Owen Nichols 
Sent: Friday, February 4, 2022 2:52 PM
To: dev@geode.apache.org 
Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

That's a much better way to put it, Mark.  Thanks!

On 2/4/22, 2:50 PM, "Mark Bretl"  wrote:

I agree with Dan here that bragging about 'one of the quickest' is not
needed, but noting we are up-to-date with Log4J patches and have
documentation for mitigation might be a better approach.

My $.02

--Mark

On Fri, Feb 4, 2022 at 11:34 AM Dan Smith  wrote:

> Counting the kafka connector I'm not sure bragging about CVE patching
> speed is justified, but otherwise looks good to me!
>
> -Dan
> 
> From: Nabarun Nag 
> Sent: Tuesday, February 1, 2022 2:25 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> Thank you for the feedback, please find the new draft with the added
> review comments.
>
> ## Project Activity:
> We issued 9 releases this quarter which include an updated Log4j2 version
> to handle the remote code execution CVE. The project had one of the
> quickest turnaround times from the Log4j2 CVE disclosure to the patch
> releases with the fix. Apache Geode Kafka Connector 1.1.0 was also 
released
> this quarter.
> We have also started the effort to remove the use of deprecated components
> in the project.
>
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.8 was released on 2022-01-13
> > - 1.12.7 was released on 2022-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
>
>
> 
> From: Owen Nichols 
> Sent: Tuesday, February 1, 2022 12:39 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> 1.12.8 seems to be missing from the list of releases. Also consider
> bragging about Geode’s turnaround time from CvE disclosure to patch
> release…only one other ASF project got theirs out faster than we did.
>
>
> ---
> Sent from Workspace ONE Boxer<
> 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwhatisworkspaceone.com%2Fboxerdata=04%7C01%7Cdasmith%40vmware.com%7C8711fa42cf134533e5f508d9e830fce0%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637796119396671277%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=5la0l1lFE8X7YzoAAIDoOr4X4Z6tT0IcLZj89d4F%2F14%3Dreserved=0
> >
>
> On January 31, 2022 at 1:57:18 PM PST, Dave Barnes 
> wrote:
> LGTM +1
>
> On Mon, Jan 31, 2022 at 12:50 PM Nabarun Nag  wrote:
>
> > This is a draft of our report to the board. Please let me know if there
> > are details you'd like me to add!
> >
> > --Naba
> >
> > ## Description:
> > The mission of Apache Geode is the creation and maintenance of software
> > related
> > to a data management platform that provides real-time, consistent access
> to
> > data-intensive applications throughout widely distributed cloud
> > architectures.
> >
> > ## Issues:
> > There are no Board-level issues at this time.
> >
> > ## Membership Data:
> > Apache Geode was founded 2016-11-15 (5 years ago)
> > There are currently 115 committers and 54 PMC members in this project.
> > The Committer-to-PMC ratio is roughly 2:1.
> >
> > Community changes, past quarter:
> > - No new PMC members. Last addition was Donal Evans on 2021-03-22.
> > - No new committers. Last addition was Alberto Bustamante on 2021-05-13.
> >
> > ## Project Activity:
> > We issued 8 releases this quarter which include an updated Log4j2 
version
> > to handle the remote code execution CVE. Apache Geode Kafka Connector
> 1.1.0
> > was also released this quarter.
> > We have also started the effort to remove the use of deprecated
> components
> > in
> > the project.
> >
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.7 was released on 2022-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
> >
> > Work on releasing 1.15.0 is progressing 

Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

[Owen Nichols]

That's a much better way to put it, Mark.  Thanks!

On 2/4/22, 2:50 PM, "Mark Bretl"  wrote:

I agree with Dan here that bragging about 'one of the quickest' is not
needed, but noting we are up-to-date with Log4J patches and have
documentation for mitigation might be a better approach.

My $.02

--Mark

On Fri, Feb 4, 2022 at 11:34 AM Dan Smith  wrote:

> Counting the kafka connector I'm not sure bragging about CVE patching
> speed is justified, but otherwise looks good to me!
>
> -Dan
> 
> From: Nabarun Nag 
> Sent: Tuesday, February 1, 2022 2:25 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> Thank you for the feedback, please find the new draft with the added
> review comments.
>
> ## Project Activity:
> We issued 9 releases this quarter which include an updated Log4j2 version
> to handle the remote code execution CVE. The project had one of the
> quickest turnaround times from the Log4j2 CVE disclosure to the patch
> releases with the fix. Apache Geode Kafka Connector 1.1.0 was also 
released
> this quarter.
> We have also started the effort to remove the use of deprecated components
> in the project.
>
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.8 was released on 2022-01-13
> > - 1.12.7 was released on 2022-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
>
>
> 
> From: Owen Nichols 
> Sent: Tuesday, February 1, 2022 12:39 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> 1.12.8 seems to be missing from the list of releases. Also consider
> bragging about Geode’s turnaround time from CvE disclosure to patch
> release…only one other ASF project got theirs out faster than we did.
>
>
> ---
> Sent from Workspace ONE Boxer<
> 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwhatisworkspaceone.com%2Fboxerdata=04%7C01%7Conichols%40vmware.com%7Ce34bc117828b4af0341408d9e830c5a3%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C63779611835049%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=EE2%2BlyfKqAkVYYjbvVWaDftYeloc87GeBEv2klcnXhM%3Dreserved=0
> >
>
> On January 31, 2022 at 1:57:18 PM PST, Dave Barnes 
> wrote:
> LGTM +1
>
> On Mon, Jan 31, 2022 at 12:50 PM Nabarun Nag  wrote:
>
> > This is a draft of our report to the board. Please let me know if there
> > are details you'd like me to add!
> >
> > --Naba
> >
> > ## Description:
> > The mission of Apache Geode is the creation and maintenance of software
> > related
> > to a data management platform that provides real-time, consistent access
> to
> > data-intensive applications throughout widely distributed cloud
> > architectures.
> >
> > ## Issues:
> > There are no Board-level issues at this time.
> >
> > ## Membership Data:
> > Apache Geode was founded 2016-11-15 (5 years ago)
> > There are currently 115 committers and 54 PMC members in this project.
> > The Committer-to-PMC ratio is roughly 2:1.
> >
> > Community changes, past quarter:
> > - No new PMC members. Last addition was Donal Evans on 2021-03-22.
> > - No new committers. Last addition was Alberto Bustamante on 2021-05-13.
> >
> > ## Project Activity:
> > We issued 8 releases this quarter which include an updated Log4j2 
version
> > to handle the remote code execution CVE. Apache Geode Kafka Connector
> 1.1.0
> > was also released this quarter.
> > We have also started the effort to remove the use of deprecated
> components
> > in
> > the project.
> >
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.7 was released on 2022-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
> >
> > Work on releasing 1.15.0 is progressing as planned.
> >
> > Apache Geode Kafka Connector 1.1.0 was released on 2022-01-18.
> >
> > ## Community Health:
> > - Continuing our monthly video conferences.
> > - Addition of Kafka Connector project to grow the community.
> > - Mailing lists are seeing the usual amount of traffic involving
> > discussions
> > 

Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

[Mark Bretl]

I agree with Dan here that bragging about 'one of the quickest' is not
needed, but noting we are up-to-date with Log4J patches and have
documentation for mitigation might be a better approach.

My $.02

--Mark

On Fri, Feb 4, 2022 at 11:34 AM Dan Smith  wrote:

> Counting the kafka connector I'm not sure bragging about CVE patching
> speed is justified, but otherwise looks good to me!
>
> -Dan
> 
> From: Nabarun Nag 
> Sent: Tuesday, February 1, 2022 2:25 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> Thank you for the feedback, please find the new draft with the added
> review comments.
>
> ## Project Activity:
> We issued 9 releases this quarter which include an updated Log4j2 version
> to handle the remote code execution CVE. The project had one of the
> quickest turnaround times from the Log4j2 CVE disclosure to the patch
> releases with the fix. Apache Geode Kafka Connector 1.1.0 was also released
> this quarter.
> We have also started the effort to remove the use of deprecated components
> in the project.
>
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.8 was released on 2022-01-13
> > - 1.12.7 was released on 2022-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
>
>
> 
> From: Owen Nichols 
> Sent: Tuesday, February 1, 2022 12:39 PM
> To: dev@geode.apache.org 
> Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
>
> 1.12.8 seems to be missing from the list of releases. Also consider
> bragging about Geode’s turnaround time from CvE disclosure to patch
> release…only one other ASF project got theirs out faster than we did.
>
>
> ---
> Sent from Workspace ONE Boxer<
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwhatisworkspaceone.com%2Fboxerdata=04%7C01%7Cdasmith%40vmware.com%7C38f5f23b5d3447df5bee08d9e5d1dbd4%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637793511813886329%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=klI3CJDjpPQoknRVSncdCMBJWbctMIQmOSl5pjyalgc%3Dreserved=0
> >
>
> On January 31, 2022 at 1:57:18 PM PST, Dave Barnes 
> wrote:
> LGTM +1
>
> On Mon, Jan 31, 2022 at 12:50 PM Nabarun Nag  wrote:
>
> > This is a draft of our report to the board. Please let me know if there
> > are details you'd like me to add!
> >
> > --Naba
> >
> > ## Description:
> > The mission of Apache Geode is the creation and maintenance of software
> > related
> > to a data management platform that provides real-time, consistent access
> to
> > data-intensive applications throughout widely distributed cloud
> > architectures.
> >
> > ## Issues:
> > There are no Board-level issues at this time.
> >
> > ## Membership Data:
> > Apache Geode was founded 2016-11-15 (5 years ago)
> > There are currently 115 committers and 54 PMC members in this project.
> > The Committer-to-PMC ratio is roughly 2:1.
> >
> > Community changes, past quarter:
> > - No new PMC members. Last addition was Donal Evans on 2021-03-22.
> > - No new committers. Last addition was Alberto Bustamante on 2021-05-13.
> >
> > ## Project Activity:
> > We issued 8 releases this quarter which include an updated Log4j2 version
> > to handle the remote code execution CVE. Apache Geode Kafka Connector
> 1.1.0
> > was also released this quarter.
> > We have also started the effort to remove the use of deprecated
> components
> > in
> > the project.
> >
> > Recent Releases of Apache Geode:
> > - 1.14.3 was released on 2022-01-25
> > - 1.13.7 was released on 2022-01-22
> > - 1.12.7 was released on 2022-12-17
> > - 1.13.6 was released on 2021-12-17
> > - 1.14.2 was released on 2021-12-17
> > - 1.12.6 was released on 2021-12-11
> > - 1.13.5 was released on 2021-12-11
> > - 1.14.1 was released on 2021-12-11
> >
> > Work on releasing 1.15.0 is progressing as planned.
> >
> > Apache Geode Kafka Connector 1.1.0 was released on 2022-01-18.
> >
> > ## Community Health:
> > - Continuing our monthly video conferences.
> > - Addition of Kafka Connector project to grow the community.
> > - Mailing lists are seeing the usual amount of traffic involving
> > discussions
> > related to improving performance, operation protocols, etc.
> >
> >
> >
>

Re: [DISCUSS] Testing and voting on release candidates

[Owen Nichols]

Thanks for putting together this script, Dan.  It's always humbling to discover 
ways that a user's environment can differ from the tightly-controlled 
conditions of CI.

I've noticed we've shipped quite a few releases recently with the bare minimum 
of votes.  I hope this will encourage more participation from Geode's 54 PMC 
members [1].  Even if you are not a PMC member you can still run some checks 
and offer an "advisory" vote on the release candidate.

"Ad-hoc" testing is still valuable too.  Whether you have a pet project or 
full-blown application that uses Geode (or want to start one [2]), real-world 
testing of Geode can also shake out things we never thought of.

[1] https://projects.apache.org/committee.html?geode
[2] https://start.spring.io

On 2/4/22, 10:56 AM, "Dan Smith"  wrote:

Hi all,

I'd like to suggest something that might make voting on releases a little 
clearer and easier. I feel like we've been a bit vague about what kind of 
testing PMC members are supposed to do on a release candidate, and I see 
different folks (including myself) running different kinds of ad hoc testing.

I'd like to suggest that we should mostly focus on things that are either 
apache requirements for voting on releases or can't reasonably be testing in CI.

The apache release policy [1] says

"Before voting +1 PMC members are required to download the signed source 
code package, compile it as provided, and test the resulting executable on 
their own platform, along with also verifying that the package meets the 
requirements of the ASF policy on releases."

I checked in a script that can do the building and signature verification 
for you [2]. My hope is that we can improve this script do to all of the 
testing that we think is important to do on a developers machine before VOTING 
+1, and free up more time to look at the commits, source files etc. and 
thinking about if this is what we should be releasing.

I'm not trying to discourage any ad hoc testing someone feels like they 
want to do, but I do want to make sure that everyone is in agreement on what we 
should be doing before voting on a release and hopefully make it so that 
everyone feels comfortable voting without wondering what they are supposed to 
test.

[1] 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.apache.org%2Flegal%2Frelease-policy.html%23approving-a-releasedata=04%7C01%7Conichols%40vmware.com%7C7bec2e36664d45df10bb08d9e8100ee5%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637795977955611092%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=cslqHDG12fgy8kAwLvh1QDNoeRs9nZdnK9uz2QtckLY%3Dreserved=0
[2] 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fgeode%2Ftree%2Fdevelop%2Fdev-tools%2Frelease-testingdata=04%7C01%7Conichols%40vmware.com%7C7bec2e36664d45df10bb08d9e8100ee5%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637795977955611092%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=qXqCZIivE1foYg%2F3q2jzUMxMEmIQwbVeRCxvE0M1O5A%3Dreserved=0

Thanks,
-Dan

[DISCUSS] Testing and voting on release candidates

[Dan Smith]

Hi all,

I'd like to suggest something that might make voting on releases a little 
clearer and easier. I feel like we've been a bit vague about what kind of 
testing PMC members are supposed to do on a release candidate, and I see 
different folks (including myself) running different kinds of ad hoc testing.

I'd like to suggest that we should mostly focus on things that are either 
apache requirements for voting on releases or can't reasonably be testing in CI.

The apache release policy [1] says

"Before voting +1 PMC members are required to download the signed source code 
package, compile it as provided, and test the resulting executable on their own 
platform, along with also verifying that the package meets the requirements of 
the ASF policy on releases."

I checked in a script that can do the building and signature verification for 
you [2]. My hope is that we can improve this script do to all of the testing 
that we think is important to do on a developers machine before VOTING +1, and 
free up more time to look at the commits, source files etc. and thinking about 
if this is what we should be releasing.

I'm not trying to discourage any ad hoc testing someone feels like they want to 
do, but I do want to make sure that everyone is in agreement on what we should 
be doing before voting on a release and hopefully make it so that everyone 
feels comfortable voting without wondering what they are supposed to test.

[1] https://www.apache.org/legal/release-policy.html#approving-a-release
[2] https://github.com/apache/geode/tree/develop/dev-tools/release-testing

Thanks,
-Dan

Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

[Dan Smith]

Counting the kafka connector I'm not sure bragging about CVE patching speed is 
justified, but otherwise looks good to me!

-Dan

From: Nabarun Nag 
Sent: Tuesday, February 1, 2022 2:25 PM
To: dev@geode.apache.org 
Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

Thank you for the feedback, please find the new draft with the added review 
comments.

## Project Activity:
We issued 9 releases this quarter which include an updated Log4j2 version
to handle the remote code execution CVE. The project had one of the quickest 
turnaround times from the Log4j2 CVE disclosure to the patch releases with the 
fix. Apache Geode Kafka Connector 1.1.0 was also released this quarter.
We have also started the effort to remove the use of deprecated components in 
the project.

> Recent Releases of Apache Geode:
> - 1.14.3 was released on 2022-01-25
> - 1.13.7 was released on 2022-01-22
> - 1.12.8 was released on 2022-01-13
> - 1.12.7 was released on 2022-12-17
> - 1.13.6 was released on 2021-12-17
> - 1.14.2 was released on 2021-12-17
> - 1.12.6 was released on 2021-12-11
> - 1.13.5 was released on 2021-12-11
> - 1.14.1 was released on 2021-12-11



From: Owen Nichols 
Sent: Tuesday, February 1, 2022 12:39 PM
To: dev@geode.apache.org 
Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

1.12.8 seems to be missing from the list of releases. Also consider bragging 
about Geode’s turnaround time from CvE disclosure to patch release…only one 
other ASF project got theirs out faster than we did.


---
Sent from Workspace ONE 
Boxer

On January 31, 2022 at 1:57:18 PM PST, Dave Barnes  wrote:
LGTM +1

On Mon, Jan 31, 2022 at 12:50 PM Nabarun Nag  wrote:

> This is a draft of our report to the board. Please let me know if there
> are details you'd like me to add!
>
> --Naba
>
> ## Description:
> The mission of Apache Geode is the creation and maintenance of software
> related
> to a data management platform that provides real-time, consistent access to
> data-intensive applications throughout widely distributed cloud
> architectures.
>
> ## Issues:
> There are no Board-level issues at this time.
>
> ## Membership Data:
> Apache Geode was founded 2016-11-15 (5 years ago)
> There are currently 115 committers and 54 PMC members in this project.
> The Committer-to-PMC ratio is roughly 2:1.
>
> Community changes, past quarter:
> - No new PMC members. Last addition was Donal Evans on 2021-03-22.
> - No new committers. Last addition was Alberto Bustamante on 2021-05-13.
>
> ## Project Activity:
> We issued 8 releases this quarter which include an updated Log4j2 version
> to handle the remote code execution CVE. Apache Geode Kafka Connector 1.1.0
> was also released this quarter.
> We have also started the effort to remove the use of deprecated components
> in
> the project.
>
> Recent Releases of Apache Geode:
> - 1.14.3 was released on 2022-01-25
> - 1.13.7 was released on 2022-01-22
> - 1.12.7 was released on 2022-12-17
> - 1.13.6 was released on 2021-12-17
> - 1.14.2 was released on 2021-12-17
> - 1.12.6 was released on 2021-12-11
> - 1.13.5 was released on 2021-12-11
> - 1.14.1 was released on 2021-12-11
>
> Work on releasing 1.15.0 is progressing as planned.
>
> Apache Geode Kafka Connector 1.1.0 was released on 2022-01-18.
>
> ## Community Health:
> - Continuing our monthly video conferences.
> - Addition of Kafka Connector project to grow the community.
> - Mailing lists are seeing the usual amount of traffic involving
> discussions
> related to improving performance, operation protocols, etc.
>
>
>